With the added security features and functions available in TPAE/Maximo version 7, configuring your security to work just the way you want it can be extremely complex and time consuming. Once you get it configured in dev/test, you then need to move it to production – you don’t want to start from scratch. Fortunately, Migration Manager comes with some pre-defined object structures and a migration group to facilitate this. There are some important considerations to help you be successful. The APPSECURITY Migration Group is dependent on other... [More]

As companies become more security-aware, they are conducting security audits of their key applications and looking for ways to ‘harden’ their implementations. Maximo and other TPAE-based products are scanned using IBM's Rational AppScan tools to identify and remediate known security vulnerabilities. There are many suggested configurations to make an implementation more secure. Deploy your system over SSL. Most security auditing tools will alert if information, especially user session information, is sent over a network and not encrypted.... [More]

When you plan to use application server security to authenticate TPAE/Maximo users against an external directory, you also have the option to synchronize users and/or groups and group memberships. There are a few decisions you need to make before you begin. Who will be synchronized? You can use a standard LDAP filter to synchronize a subset of users into the system. These users can be in a pre-defined OU, role or group or can simply meet a standard query. Synchronizing a subset of users will improve the performance of the sync and also improve... [More]

Here in the Maximo development team we try to reinvent the wheel as little as possible. Part of the reason we run on application servers such as WebSphere is the robust feature set that they offer – and that we don’t have to build. Especially in the area of security, we leverage the capabilities of the application server for a great deal of functionality. Many of our certifications for things like IPv6 compliance and encryption standards come directly from the capabilities of the application server. We use application server capabilities for... [More]

A recent article revealed the 25 worst passwords of 2011 according to SplashData's compilation of lists posted online by hackers. Some are the 'usual suspects' but many are much more unexpected. As a reminder, strong passwords: are case-sensitive; are at least 8 characters long; require a number and/or special character; are never the same as the user ID; are never a word that is easy to guess such as ‘password’ or ‘maximo’; must be changed regularly, such as every 90 days. Here is the list of the worst passwords of the year: password, 123456, 12345678... [More]

Security breaches of your software and valuable data by malicious users are an ongoing concern for software administrators. Maximo offers functionality to assist with intrusion protection. Functionality has been added to defend against brute-force attacks involving unauthorized login, user self-registration and forgot password attempts. These features have been added to Maximo 7.5.0.1. See the product link for more details or via this URL:... [More]

Introduction: The objective of this post is to provide a definitive view of how to configure Maximo authentication using WebSphere and an LDAP Federated Repository. While reading, you will be able to understand some definitions and get tips to make the most of this capability. This example uses the Federated Repository functionality of WAS, which allows one-to-many authentication sources to be used as a single view from the application perspective. It is worth considering this approach due to its easy configuration and ability to expand to... [More]

You may need to add restrictions to new or existing Maximo attributes, for example, making them required, read only or hidden. Let’s describe the different ways you can do this from either Application Designer or with attribute restrictions in the Security Groups application. These restrictions can be either conditional or non-conditional. What is the difference? Application Designer configurations are always for one application. Configurations that use data restrictions can apply to all applications that use the object or attribute or to one... [More]

You may have many questions surrounding Maximo support for USGCB, FDCC, FIPS, NIST SP800-131a and Section 508 accessibility. The following article provides further details regarding Maximo support for these standards. USGCB is the US Government Configuration Baseline for additional security settings on computers running Windows 7 & Windows 2008. Further details regarding this standard are available at usgcb.nist.gov. Please note that Maximo 7.5 (and subsequent fix packs) and Maximo 7.1.1.8 (and subsequent fix packs) are... [More]

Independence of security groups is one of the most misunderstood concepts in the Maximo/TPAE security construct. Why would you want a group to be independent? What are the implications of checking that check box? Basically, security group independence exists to allow you to configure site-specific access to a set of applications, options or controls. If you are not configuring site-specific rules you don’t need an Independent group. If you only have one site, you should never have Independent groups. By default, security groups combine with... [More]

Everyone is different. Different physical characteristics like heights, weights, skin tones, and eyes combined with varied backgrounds, skills, beliefs and multiple other characteristics make each person unique. I love going to large events like baseball games where you see massive numbers of diverse individuals - sharing a similar interest. Likewise, your Version 7 users are similar in that they use Maximo, but they are each unique individuals with a broad range of skill sets and job requirements. Because of this diversity, you should... [More]

As organizations' security requirements evolve over time, it may become necessary to re-think your user roles. It is difficult to balance the need for granular access to application functionality and data with performance and administration overhead. Many customers have decided to simplify their configuration and there are some tools within the system that can help with this process. First, there is a Security Groups Report within the Security Groups application. This report can be run for a group or a user and will show everything... [More]

At IBM we often get asked about security vulnerabilities and how our products are impacted. Did you know there is a pro-active step you can take to stay informed? IBM has a community, similar to the Asset Management one, where you can subscribe to security alerts and bulletins. Here you can find IBM's response to all of the things that you may hear of on the news and resources for improving security in your own organization. Customers and outside organizations report possible issues to IBM and then uses standards similar to the... [More]

The Middleware Installer for Maximo and other Maximo-based products provides an option to install and configure IBM Tivoli Directory Server as an LDAP server for Maximo Security. Sometimes, it may be desirable to install and configure ITDS manually. This new Wiki page outlines a step-by-step procedure for installing and configuring ITDS for Maximo Security. You can also access the page at this shortened URL: http://ibm.co/XtFE3U The procedure detailed in the wiki page includes steps on adding the required Maximo security users but can... [More]

By Randy McDaniel
Whether you have 10 or 100 workers, do they have a clear idea of what is on their plate each day? Or do they kill time waiting or looking for supervisors to tell them what to do? Organizing work so it can be assigned to the right people at the right time is a challenge for achieving Plant and Facilities Maintenance Excellence.
Here are three simple concepts that will lead to effective and efficient work management:
Work... [More]